0 Replies Latest reply on Apr 6, 2006 8:53 PM by 666705

    LDAP security authentication in weblogic sp4 (URGENT)

    666705
      We have a web application which interacts with the DB to authenticate a user during our login process. Now we are trying to change the login to LDAP authentication. Here is the list of what I did in the WebLogic configuration; correct me if this is correct or if I am missing anything.
      1. Created a Realm
      2. Created a Novell LDAP Authenticator (configured user, groups, members, Novell LDAP, details)
      3. Created an X.509 certificate ????? Do I need to create this one for authentication? The only question is I am confused by these parameters; help me out in figuring out these:
      a. filter attributes = cn=$subj.cn
      b. username attribute = cn
      c. userCertificate;binary ??? (I have a certificate idmtree.der; where do I add configuration about this certificate in the console?)
      d. certificate mapping: ou=user,ou=$subj.ou,o=$subj.o,c=$subj.c (IS THIS CORRECT?)
      4. Created a new WebLogic Default Authorizer...
      5. Created a new WebLogic Default Role Mapper...
      6. Created a new WebLogic Default Credential Mapper... (Do I need to set up my certificate inside this credential mapper or not?)

      7. I made this realm the DEFAULT realm and started the server.
      I get the following exception.

      Initializing RoleMapper provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift.>
      The RoleMapper provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift>
      Initializing Authorizer provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift.>
      The Authorizer provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift>
      Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
      Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
      Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
      Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
      Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure.>
      Server failed during initialization. Exception:weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
      [java.lang.reflect.InvocationTargetException - with target exception:
      [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
      weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
      [java.lang.reflect.InvocationTargetException - with target exception:
      [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
      at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:205)
      at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:262)
      at weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java:581)
      at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:420)
      at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:700)
      at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:733)
      at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:876)
      at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:734)
      at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:822)
      at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
      at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
      at weblogic.Server.main(Server.java:32)
      >
      ####<Apr 6, 2006 10:42:55 AM CDT> <Emergency> <WebLogicServer> <DXPCHI029398> <myserver> <main> <<WLS Kernel>> <> <BEA-000342> <Unable to initialize the server: weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
      [java.lang.reflect.InvocationTargetException - with target exception:
      [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]>

      ANY HELP on this would be greatly appreciated; I am totally exhausted from seeing these error messages since morning.

      I would like to know if I need a client for connecting to this LDAP authenticator, as I am using the Novell API to access the LDAP directory. Let me know, and if so can someone provide me a code snippet.
      Waiting for response.

      Thanks in advance,
      Kiran
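An added diagnostic, not from the original post, WebLogic or the Novell API, that reproduces the check the LDAP authenticator performs at startup: a TLS handshake to the LDAPS port that trusts only the certificates in one JKS store, which is exactly what fails with Security:090477 in the log above. The trust store path and password, the LDAP host and port are assumed placeholders; idmtree.der is the certificate file named in the post, and Java 7 or later is assumed.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;

// Added example (not WebLogic code): verify whether a JKS trust store accepts the chain
// presented by an LDAPS server, and whether a given DER certificate is already in it.
public class LdapsTrustCheck {

    static KeyStore loadTrustStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, password); }
        return ks;
    }

    // True when the DER-encoded certificate is already an entry in the trust store.
    static boolean storeContains(KeyStore ks, String derPath) throws Exception {
        try (InputStream in = new FileInputStream(derPath)) {
            Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
            return ks.getCertificateAlias(ca) != null;
        }
    }

    // Handshake with host:port trusting only ks; throws SSLHandshakeException (the cause of
    // Security:090477) when the server's chain does not lead to a certificate in the store.
    static Certificate[] handshake(KeyStore ks, String host, int port) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            return s.getSession().getPeerCertificates();
        }
    }

    public static void main(String[] args) throws Exception {
        String store = "C:/bea/weblogic81/server/lib/DemoTrust.jks";    // placeholder path
        KeyStore ks = loadTrustStore(store, "CHANGE_ME".toCharArray());   // placeholder password
        System.out.println("idmtree.der in store: " + storeContains(ks, "C:/certs/idmtree.der"));
        try {
            for (Certificate c : handshake(ks, "ldap.example.invalid", 636))  // placeholder host
                System.out.println("trusted: " + ((X509Certificate) c).getSubjectX500Principal());
        } catch (SSLHandshakeException e) {
            System.out.println("chain NOT trusted by " + store + ": " + e.getMessage());
        }
    }
}
```

If the handshake fails, the LDAP server's CA certificate must be imported into the store WebLogic actually trusts (for example keytool -import -trustcacerts -alias ldapca -file idmtree.der -keystore DemoTrust.jks), or the server configured to use a custom trust keystore containing it.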